Ultimately, we decided to stay with OUD for the Enterprise Directory, and adopt OpenLDAP for the non-critical edge directories.

Hardware

For Enterprise Directory, UCLA runs 3 Dell PowerEdge R710 servers. Each server has 12GB RAM and 2 2.4GHz Intel Xeon E5 645 processors. We run 2 of those servers at UCLA's Data Center in a semi active-passive configuration. The 3rd server is located at UCLA Berkeley. All three are multi-master replicated. At run time, the bulk of LDAP query requests go to 1 server. Essentially, all of our authn/authz traffic is being handled by 1 server, with the other 2 acting as redundant backups.

You mentioned federation, was that an important requirement for UCLA?

Yes. UCLA collaborates heavily with other higher education institutions around the country/world. We often have researchers wanting to sign into services provided by fellow higher ed institutions. We also have plenty of visiting scholars or collaborating researchers from other institutions accessing UCLA services. Higher education communities around the world have deployed Shibboleth/SAML-based federated IDM solutions to facilitate these collaborations:

The only changes we made during the upgrade were that we upgraded the software from DSEE 6.3, upgraded Linux, and that we bought new servers. The old servers were Dell PowerEdge 2850's. The new ones are Dell PowerEdge R710's.

What is your hardware specification for one OUD 11g server… RAM size, CPU type, and number?

Can you explain the HA/DR architecture a bit more?

We run 3 Dell PowerEdge R710 servers. Each server has 12GB RAM and 2 2.4GHz Intel Xeon E5 645 processors. 2 of those servers run at UCLA's Data Center in a semi active-passive configuration. The 3rd server is located at UCLA Berkeley. All three are multi-master replicated. At run time, the bulk of LDAP query requests go to 1 server. Essentially, all of our authn/authz traffic is being handled by 1 server, with the other 2 acting as redundant backups.

Our IDM architecture is highly modular. All external access to the enterprise directory runs through a service layer. This layer consists of Shibboleth, a set of data update web services and loading programs, and a number of edge directories. All service layer components can be easily configured (some automatically) to seek out the secondary directory servers when the primary goes down. We take advantage of this capability during maintenance to keep the services available.

FYI, our servers are hosted in a tier 2.5 data center (we have tier 3-like capability for critical servers such as OUD, but we don't have that for all servers in the data center).

What was the cost of the migration?

Because of the labor and equipment cost differences, I don't think my numbers will be all that accurate. I can say the following:

We engaged Hub City Media for just about 1.5 months' worth of work.

We had one system engineer working full time on the project throughout the 4-month period. He also managed the project.

Yes. We conducted several passes of data loading/validation tests. In addition, we ran security vulnerability scans and ran multiple stress tests ranging from peak stress tests to sustained, multi-day simulations. Sorry. We can't release test result data, but I can say that OUD passed with flying colors.

We only had one engineer working on the project. Between test prep, run, and analysis, testing did take about a month.

Was the OUD Proxy used at UCLA?

No. We considered it, and might still consider it as we revise our architecture. But for the migration, we did not introduce the Proxy.

Can OUD Server and DSEE replicate each other?

Yes, but with caveats. There is no direct replication between OUD 11g and Sun DSEE 6.3. You need to place Oracle DSEE in between. In addition, there is an undisclosed cap on the replication rate. All of this may have changed since we worked on the project though. :-)

Scott Bonell, Sr. Director of Product Management will be talking to Steve about their recent project to upgrade a large University from Sun DSEE Directory to Oracle Unified Directory. Scott and Steve will talk through details of the project, from planning through implementation.

In addition to this webcast, Steve Giovanetti will also be participating in two sessions at Oracle OpenWorld 2012: